cpe:/a:newlife_blogger:newlife_blogger:3.0 cpe:/a:newlife_blogger:newlife_blogger:3.3.1 CVE-2008-6180 2009-02-19T13:30:00.233-05:00 2017-09-28T21:33:00.433-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-02-20T09:15:00.000-05:00 ALLOWS_OTHER_ACCESS BUGTRAQ 20081012 NewLife Blogger <= v3.0 / Insecure Cookie Handling & SQL Injection Vulnerability BID 31728 SECUNIA 32214 EXPLOIT-DB 6739 VUPEN ADV-2008-2797 MISC http://www.pepelux.org/exploits/newlife-es.txt XF newlifeblogger-nlbuserclass-security-bypass(45821) XF newlifeblogger-nlbuserclass-sql-injection(45820) SQL injection vulnerability in system/nlb_user.class.php in NewLife Blogger 3.0 and earlier, and possibly 3.3.1, allows remote attackers to execute arbitrary SQL commands via the nlb3 cookie.